230 matches found
CVE-2024-11254
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the disqusname parameter in all versions up to, and including, 1.1.1 due to insufficient input validation. This makes it possible for unauthenticated attackers to inject arbitrary we...
CVE-2024-54819
I, Librarian before and including 5.11.1 is vulnerable to Server-Side Request Forgery SSRF due to improper input validation in classes/security/validation.php...
CVE-2024-20403
A vulnerability in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an affected device. This vulnerability is due to insufficient...
CVE-2023-32537
Affected versions Trend Micro Apex Central on-premise are vulnerable to potential authenticated reflected cross-site scripting XSS attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order ...
CVE-2023-47726
IBM QRadar Suite Software 1.10.12.0 through 1.10.21.0 and IBM Cloud Pak for Security 1.10.12.0 through 1.10.21.0 could allow an authenticated user to execute certain arbitrary commands due to improper input validation. IBM X-Force ID: 272087...
CVE-2023-20219
Multiple vulnerabilities in the web management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The attacker would need valid device credentials but does not require...
CVE-2022-20834
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface of an affected device. These vulnerabilities are due t...
CVE-2022-39072
There is a SQL injection vulnerability in Some ZTE Mobile Internet products. Due to insufficient validation of the input parameters of the SNTP interface, an authenticated attacker could use the vulnerability to execute stored XSS attacks...
Security Bulletin: TSSC/IMC addresses multiple security vulnerabilities.
Summary TSSC/IMC addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2020-15778 DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary commands on the system, caused by improper input validation in the remote function in scp.c. B...
CVE-2021-30299
Possible out of bound access in audio module due to lack of validation of user provided input...
CVE-2020-25151
The affected product does not properly validate input, which may allow an attacker to execute a denial-of-service attack on the NIO 50 all versions...
CVE-2020-16216
In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, MX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior, the product receives input or data but does not validate or incorrectly validates that the input has the properties required to process the data safely and...
CVE-2020-3954
Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation...
CVE-2019-15800
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. Due to lack of input validation in the cmdsystracerouteexec, cmdsysarpclear, and cmdsyspingexec functions in the libclicmd.so library contained in the firmware, an attacker could leverage these functions to call...
CVE-2019-8549
Multiple input validation issues existed in MIG generated code. These issues were addressed with improved validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to execute arbitrary code with system privileges...
CVE-2019-15709
An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI...
CVE-2011-4124
Input validation issues were found in Calibre at devices/linuxmounthelper.c which can lead to argument injection and elevation of privileges...
Denial Of Service (DoS)
github.com/ollama/ollama is vulnerable to Denial of Service DoS. The vulnerability is due to improper input validation and unchecked array index access in the /api/pull endpoint, which allows an attacker to send a crafted manifest that crashes the server...
CVE-2025-20197
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation when processing specific...
TOTOLINK A810R setParentalRules function buffer overflow vulnerability
The TOTOLINK A810R is a wireless dual-band router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK A810R version V4.1.2cu.5182B20201026, which stems from the startTime and endTime parameters in the setParentalRules function failing to correctly validate t...